|
Command: |
Export Electronic Purse Card Key Set |
|
Notes: |
The output from this function is a double length key used to encrypt keys sent from the Europay KMC (BKEM) and a double length key used to MAC keys sent from the Europay KMC (BKAM) Some of the keys in the key set may be set to all zeroes to indicate they are not supplied. The zero value will then be placed in the data block to be protected with a MAC The Europay documents refer to the KML as KDLiss, KM3X as K3Xiss etc. All keys are passed in using key scheme U |
|
Field |
Length & Type |
Details | |
|
COMMAND MESSAGE |
|||
|
Message Header |
m A |
Will be returned to the Host unchanged | |
|
Command Code |
2 A |
Value R2 | |
|
Delimiter |
1 A |
Optional. If present the following field must be present. Value ;. | |
|
ESP Version |
1 A |
0 = September 2002 Specification 1 = April 2003 Specification (Version = 03 02) Only present if above Delimiter is present. | |
|
Member ID |
10 N |
Member ID number provided by the KMC PSS16 form sent by Europay to the member | |
|
Key Set Reference |
4 N |
Reference of the Magnetic Stripe Card Keys provided in this key set, as defined by the member | |
|
Floor Expiry Date for key set |
4 N |
Expiry Date in format MMYY | |
|
PAN Range for Key Set |
38 N |
Concatenation of 19 digits formed of PAN‑low left padded by 0s and 19 digits formed of PAN‑high left padded by 0s | |
|
KMLiss |
1A + 32 H |
Double length master key, encrypted under LMK pair 20-21 Variant 1, using Key Encryption Scheme U | |
|
Extra KDLIss Key Data |
Decision Matrix in case of Invalid Cryptogram |
3 N |
000 = Approved |
|
Decision Matrix in case of Impossible to validate cryptogram |
3 N |
000 = Approved | |
|
ICC Mater Key |
1 N |
1 = Algorithm 4 | |
|
Session Key |
1 N |
1 = Algorithm 3 | |
|
S1 Cryptogram |
1 N |
1 = Reserved for future use | |
|
S2 Cryptogram |
1 N |
1 = Reserved for future use | |
|
H
|
2 N |
If SKD = 1 Filler If SKD = 2 Height of the tree | |
|
B
|
2 N |
If SKD = 1 Filler If SKD = 2 Branch of the tree | |
|
KM3Liss |
1A + 32 H |
Double length master key, encrypted under LMK pair 20-21 Variant 5, using Key Encryption Scheme U | |
|
Extra KD3LIss Key Data |
Decision Matrix in case of Invalid Cryptogram
|
3 N |
000 = Approved |
|
Decision Matrix in case of Impossible to validate cryptogram
|
3 N |
000 = Approved | |
|
ICC Master Key |
1 N |
1 = Algorithm 4 | |
|
Session Key Derivation |
1 N |
1 = Algorithm 3 2 = Algorithm 5 | |
|
S3 Cryptogram Algorithm ID |
1 N |
1 = Reserved for future use | |
|
H |
2 N |
If SKD = 1 Filler If SKD = 2 Height of the tree | |
|
B |
2 N |
If SKD = 1 Filler If SKD = 2 Branch of the tree | |
|
KMXiss |
1A + 32 H |
Double length master key encrypted under LMK pair 20-21 Variant 2, using Key Encryption Scheme U | |
|
Extra KDXIss Key Data |
Decision Matrix in case of Invalid Cryptogram
|
3 N |
000 = Approved |
|
Decision Matrix in case of Impossible to validate cryptogram
|
3 N |
000 = Approved | |
|
ICC Master Key |
1 N |
1 = Algorithm 4 | |
|
Session Key Derivation |
1 N |
1 = Algorithm 3 2 = Algorithm 5 | |
|
S1 Cryptogram Algorithm ID |
1 N |
1 = Reserved for future use | |
|
S2 Cryptogram |
1 N |
1 = Reserved for future use | |
|
H |
2 N |
If SKD = 1 Filler If SKD = 2 Height of the tree | |
|
B |
2 N |
If SKD = 1 Filler If SKD = 2 Branch of the tree
| |
|
KM3Xiss
|
1A + 32 H |
Double length master key, encrypted under LMK pair 20-21 Variant 6, using Key Encryption Scheme U | |
|
Extra KD3XIss Key Data |
Decision Matrix in case of Invalid Cryptogram
|
3 N |
000 = Approved |
|
Decision Matrix in case of Impossible to validate cryptogram
|
3 N |
000 = Approved | |
|
ICC Master Key |
1 N |
1 = Algorithm 4 | |
|
Session Key Derivation |
1 N |
1 = Algorithm 3 2 = Algorithm 5 | |
|
S3 Cryptogram Algorithm ID |
1 N |
1 = Reserved for future use | |
|
H |
2 N |
If SKD = 1 Filler If SKD = 2 Height of the tree | |
|
B |
2 N |
If SKD = 1 Filler If SKD = 2 Branch of the tree | |
|
KMPiss
|
1A + 32 H |
Double length master key, encrypted under LMK pair 20-21 Variant 3, using Key Encryption Scheme U | |
|
Extra KDPiss Key Dat a |
Decision Matrix in case of Invalid Cryptogram |
3 N |
000 = Approved |
|
Decision Matrix in case of Impossible to validate cryptogram |
3 N |
000 = Approved | |
|
ICC Master Key |
1 N |
1 = Algorithm 4 | |
|
Session Key Derivation |
1 N |
1 = Algorithm 3 2 = Algorithm 5 | |
|
S6 Cryptogram Algorithm ID |
1 N |
1 = Reserved for future use | |
|
H |
2 N |
If SKD = 1 Filler If SKD = 2 Height of the tree
| |
|
B |
2 N |
If SKD = 1 Filler If SKD = 2 Branch of the tree
| |
|
KMSIiss
|
1A + 32 H |
Double length master key, encrypted under LMK pair 22-23 Variant 3, using Key Encryption Scheme U
| |
|
Extra KDSIiss Key Data |
ICC Master Key Derivation |
1 N |
1 = Algorithm 4 |
|
Session Key |
1 N |
1 = Algorithm 3 | |
|
MAC Algorithm ID |
1 N |
1 = Reserved for future use | |
|
H |
2 N |
If SKD = 1 Filler If SKD = 2 Height of the tree | |
|
B |
2 N |
If SKD = 1 Filler If SKD = 2 Branch of the tree | |
|
KMSCiss
|
1A + 32 H |
Double length master key, encrypted under LMK pair 22-23 Variant 4, using Key Encryption Scheme U | |
|
Extra KDSCiss Key Data |
ICC Master Key Derivation |
1 N |
1 = Algorithm 4 |
|
Session Key |
1 N |
1 = Algorithm 3 | |
|
Encryption |
1 N |
1 = Reserved for future use | |
|
H |
2 N |
If SKD = 1 Filler If SKD = 2 Height of the tree | |
|
B |
2 N |
If SKD = 1 Filler If SKD = 2 Branch of the tree
| |
|
Transport Key ID |
4 N |
Key ID of the BKAM, BKEM used | |
|
IDcep |
6 B |
Derivation Data | |
|
MAC algorithm |
1 N |
MAC algorithm to be used with BKAM, | |
|
BKAM |
1A + 32 H |
BKAM encrypted under LMK pair 22-23, variant 6 | |
|
BKEM |
1A + 32 H |
BKEM encrypted under LMK pair 22-23, variant 5 | |
|
End Message Delimiter |
1 C
|
Optional. Must be present if a message trailer is present. Value X'19 | |
|
Message Trailer |
n A
|
Optional. Maximum length 32 characters
| |
|
RESPONSE MESSAGE |
|||
|
Message Header |
m A |
Will be returned to the Host unchanged | |
|
Response Code |
2 A |
Value R3 | |
|
Error Code |
2 N |
00 - No error 8 BKAM parity error 9 BKEM parity error 10 KML parity error 11 KM3L parity error 50 KMX parity error 15 Error in input data 51 Invalid MAC algorithm number 52 KM3X parity error 53 KMP parity error 54 KMSI parity error 55 KMSC parity error 80 - Data length error | |
|
ESP Sequence Number |
16 H |
Sequence Number from the ESP | |
|
Encrypted KDL |
32 H |
BKEM Encrypted Key | |
|
KDL Key Check Value |
3 B |
| |
|
Encrypted KD3L |
32 H |
BKEM Encrypted Key | |
|
KD3L Key Check Value |
3 B |
| |
|
Encrypted KDX |
32 H |
BKEM Encrypted Key | |
|
KDX Key Check Value |
3 B |
| |
|
Encrypted KD3X |
32 H |
BKEM Encrypted Key | |
|
KD3X Key Check Value |
3 B |
| |
|
Encrypted KDP |
32 H |
BKEM Encrypted Key | |
|
KDP Key Check Value |
3 B |
| |
|
Encrypted KSI |
32 H |
BKEM Encrypted Key | |
|
KSI Key Check Value |
3 B |
| |
|
Encrypted KSC |
32 H |
BKEM Encrypted Key | |
|
KSC Key Check Value |
3 B |
| |
|
MAC |
16 H |
MAC calculated over key set data using BKAM | |
|
End Message Delimiter |
1 C
|
Will only be present if present in the command message. Value X'19 | |
|
Message Trailer |
n A
|
Will only be present if in the command message. Maximum length 32 characters | |